Hello, and welcome to this learning path that has been designed to help you prepare for and pass the AWS Certified Advanced Networking - Specialty certification.

My name is Danny Jessee, and I am one of the trainers here at Cloud Academy, specializing in AWS–Amazon Web Services–and AWS certifications. Feel free to connect with me to ask any questions using the details shown on the screen. Alternatively, you can always get in touch with us here at Cloud Academy by sending an email to support@cloudacademy.com, where one of our cloud experts will reply to your question. 

The AWS Certified Advanced Networking - Specialty certification has been designed for anyone who has knowledge and experience designing, implementing, and operating complex AWS and hybrid networking architectures. According to the exam guide, you should also understand the nuances of AWS networking, particularly with respect to the integration of AWS services, as well as AWS security best practices. AWS recommends that candidates for this exam have at least 5 years of general networking experience, and at least 2 years of cloud and hybrid networking experience. This learning path will provide you with the knowledge you need when preparing to take the latest version of the AWS Certified Advanced Networking - Specialty certification exam, which was released in July 2022.

The certification itself is broken down into four distinct domains:

1. Network Design,
2. Network Implementation,
3. Network Management and Operation, and
4. Network Security, Compliance, and Governance.

Each of these domains carry a specific percentage weighting within the exam. Each domain also contains a series of task statements that call out specific required knowledge and skills. These are outlined in the official AWS exam guide that you can find here. There is also a clickable link to this guide in the Course Material section for this course. 

Let’s start by taking a look at each of these domains to give you a better understanding of the topics that will be covered on the exam.

Domain 1: Network Design. This domain accounts for 30% of the exam content and focuses on 6 key areas:

• Design a solution that incorporates edge network services to optimize user performance and traffic management for global architectures,
• Design DNS solutions that meet public, private, and hybrid requirements,
• Design solutions that integrate load balancing to meet high availability, scalability, and security requirements,
• Define logging and monitoring requirements across AWS and hybrid networks,
• Design a routing strategy and connectivity architecture between on-premises networks and the AWS Cloud, and
• Design a routing strategy and connectivity architecture that include multiple AWS accounts, AWS Regions, and VPCs to support different connectivity patterns.

This domain will test your understanding of best practices when designing network architectures on AWS. This includes knowing the differences between network, application, and gateway load balancers and the use cases for each; when to use services such as Amazon CloudFront and AWS Global Accelerator for global traffic distribution and management, and how to use Route 53 for DNS including alias records, public and private hosted zones, and Route 53 Resolver endpoints. You should know how to design network routing strategies that span multiple VPCs, regions, and AWS accounts, and how to leverage logging and monitoring tools such as CloudWatch logs, VPC flow logs, and the VPC Reachability Analyzer within your production architectures.

Domain 2: Network Implementation. This domain accounts for 26% of the exam content and focuses on 4 areas of interest:

• Implement routing and connectivity between on-premises networks and the AWS Cloud,
• Implement routing and connectivity across multiple AWS accounts, Regions, and VPCs to support different connectivity patterns,
• Implement complex hybrid and multi-account DNS architectures, and
• Automate and configure network infrastructure.

Building on the objectives from Domain 1, this domain will assess your ability to implement production architectures that connect on-premises environments to the AWS Cloud using Site-to-Site VPNs and Direct Connect. You should understand the process for requesting and provisioning a new Direct Connect connection, how to use static and dynamic routing protocols to support hybrid connectivity, and how to configure redundancy and failover for these connections. You should know how to share resources across AWS accounts using the AWS Resource Access Manager, and when to leverage VPC Peering, Transit Gateways, and PrivateLink within your production architectures.

Domain 3: Network Management and Operation. This domain accounts for 20% of the exam content and focuses on the following 3 items:

• Maintain routing and connectivity on AWS and hybrid networks,
• Monitor and analyze network traffic to troubleshoot and optimize connectivity patterns, and
• Optimize AWS networks for performance, reliability, and cost-effectiveness.

This domain will test your knowledge when it comes to managing, monitoring, and maintaining production environments, including how to configure public or private access to both custom and AWS-native services, how to use route tables to direct traffic within and across your networks, and how to configure routing protocols for hybrid connectivity, such as BGP over a Direct Connect connection. You should also understand the costs associated with these different connectivity options and be able to balance cost against performance and reliability requirements.

And finally, Domain 4: Network Security, Compliance, and Governance. This domain accounts for 24% of the exam content and will assess you in 3 areas:

• Implement and maintain network features to meet security and compliance needs and requirements,
• Validate and audit security by using network monitoring and logging services, and
• Implement and maintain confidentiality of data and communications of the network.

This domain is all about your understanding of network security and how to leverage tools and services such as AWS WAF and Shield, as well as different types of Network Firewalls, proxies, and appliances to secure both inbound and outbound network traffic. You should know how to configure security groups and network ACLs to secure traffic within your VPCs, and use services such as VPC Traffic Mirroring to monitor, log, and troubleshoot issues with network traffic. You should also know about network encryption options on AWS, and how to leverage encryption to secure data in transit.

Throughout this learning path, you will be guided through a number of courses, hands-on labs, and assessments that will cover every element within the domains I just discussed. This will ensure that you have the required knowledge and sufficient understanding to enable you to pass this certification exam.

Feedback on our learning paths here at Cloud Academy is valuable to both us as trainers and any students looking to take the same learning path in the future. If you have any feedback, positive or negative, or if you notice anything that needs to be updated or corrected for the next release cycle, it would be greatly appreciated if you could email support@cloudacademy.com.

That brings me to the end of this introduction. Coming up next, we’ll begin our journey by introducing AWS Networking and Virtual Private Cloud.